The discussion on how ooo-security would (or would not) work, and how cooperation with other security teams would (or would not work) was quite public and visible on ooo-dev.
How is it that this "reciprocal action" occurred and was made known to the Apache OOo podling? And how is it that it was performed on securityteam@openoffice.org ? When did that become a TDF property? Who is the "our" in whose name a reciprocal action was taken?
If this was a race to demonstrate who is the least trustworthy in these matters, I concede that you won. Feel better now?
Now, how is détente to be achieved?
- Dennis
-----Original Message-----
From: Michael Meeks [mailto:michael.meeks@suse.com]
Sent: Monday, October 10, 2011 03:11
To: ooo-dev@incubator.apache.org
Subject: Re: Vulnerability fixed in LibreOffice
[ ... ]
I would instead seriously suggest that the Apache OOo decision to
exclude non-committers from the security list (undoing years of trust
and co-operation here) plus our reciprocal action is the ultimate root
cause of this communication problem. Fixing that by re-visiting that
decision seems like the cheapest approach. Having dozens of contact
points for umpteen different lists seems like a sure-fire recipe for
disaster.
[ ... ]